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This Repiy Brief is in response to the Examiner's Answer dated September 



25 , 2007. This Reply Brief addresses the Examiner's Answer concerning the 

appealed claims 1 and 3-20. 

f 
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1. 1 Appealed Claims 1 and 11 

i , 

j In the Appeal Brief filed June 4, 2007 ("Appeal Brief). Applicant's 
representative argued that the claimed element reviewing, by a Tokenizing Officer, 



credentials of a user and forwarding a user ID number and token ID number to a 
certificate management system (CMS) along with an electronic form request and a 
signature of the Tokenizing Officer, as recited in claim 1, is not taught or suggested 
byjU.S. Patent Pub. No. 2003/0005291, to Burn ("Burn") in view of the U.S. Patent 

No. 6,490,367 to Carlsson, et al. ("Carlsson"). Additionally, Applicant's 

f 

representative argued that the claimed element, a Tokenizing Officer that utilizes a 

I 

teipinal in a badging facility to forward a unique ID number of a user to which a 
pa rticular token Is to be issued along with the unique ID number of the particular 
token to a CMS and where the CMS binds the unique ID number of the user and the 
particular token ID number by storing the correspondence therebetween in a 
directory/database, wherein the Tokenizing Officer comprises a person, as recited in 
cla[m 1 1, is not taught or suggested by Bum in view of Carlsson. The Examiner 
responded to Applicant's representative's arguments in the Examiner's Answer dated 
September 25, 2007 ("Examiner's Answer), with nearly identical arguments for both 
cla|ms 1 and 11. Accordingly, for purposes of convenience, Applicant's 

re^esentative will merge responses (in this Reply Brief) to the Examiner's 

i 

arguments regarding the rejection of claims 1 and 1 1. In the Examiner's Answer, the 
Eximiner argues that: 

j Examiner ;wou Id like to note that Burn teaches a unique ID number 
f stored in the token (Fig. 5, element 140: "USER PIN" and par. 36 
j lines 6-8: In steps 85 and 90, personal identification numbers 
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(PINs) are randomly generated.) (See Examiner's Answer, Pages 
8-9 and 13-14) 



Applicant's representative respectfully disagrees with the 
Examiner's conclusion that the PIN disclosed in Burn corresponds to a 
unique ID number, as recited in claims 1 and 11. Nothing in Burn teaches 
©[{suggests that the disclosed PIN is unique to a token. In fact, as stated 
b\ the Examiner, Burn explicitly discloses that PINs are randomly 
gc nerated. Applicant's representative respectfully submits that since the 
P||Ns are randomly generated, it is very possible that two hardware token 
processors (HTPs) disclosed in Burn would have the same PIN stored on 
them. 

j Moreover, as is known, a PIN's length is typically chosen such that 

i 

a user of the PIN would be able to remember the PIN without needing to 
wjite it down. As an example, most bank debit cards have a four digit PIN. 
O&viously, a four digit PIN only allows for 10,000 different PINs. Thus, 
Applicant's representative respectfully submits that one skilled in the art 



would readily recognize the difference between a PIN (as disclosed 
Bum) and a token ID number, as recited in claims 1 and 1 1 . 



in 



j Additionally, the Examiner also argues that element 1 30 disclosed 

in ^IG. 5 of Burn (e.g., an HTP ID number) corresponds to the unique 

to|en ID recited^ in claims 1 and 11 (See Examiner's Answer, Pages 9 and 

1^. Applicant's representative respectfully submits that the Examiner is 

providing inconsistent arguments, since (as stated above) the Examiner 

argued that a PfN corresponds to the unique token ID recited in claims 1 
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aind 1 1 . Applicant's representative respectfully submits that since the 

j 

Examiner has provided inconsistent arguments that the Examiner has 



led to show that claims 1 and 1 1 are made obvious by the teachings of 
Biirn and Carlsson. 

Moreover, in rejecting claims 1 and 1 1 , the Examiner also states: 



[B]um teaches sending credentials to a CA... So, taking that in 
combination with Carlsson's Tokenizing Officer verifying the user's 
identity in person and sending the user ID and sequence request 
| number for the certificate (which could be replaced with the token 
| ID number taught in Burn), yields a secure system of authenticating 
| and validating users before binding their identity to a certificate and 
] a hardware token. The motivation for this combination as provided 
j by Carlsson et al., is that having a person as the Tokenizing Officer 
J is easy to administer and adds security because the credentials are 
\ checked by someone who is acquainted with the users so it is 
] harder to forge an identity in the binding process. (See Examiner's 
j Answer, Pages 11 and 16) 

I 

j To begin with, Applicant's representative respectfully submits that 

the Examiner's Answer is the first time the Examiner has offered this 

argument (e.g., that it would have been obvious to replace a certificate 

sequence number disclosed in Carlsson with the HTP ID number 

disclosed in Burn). In particular, in the Final Office Action dated October 

6, £006 ("Final Action"), the Examiner contended that a sequence number 

of ja certificate request is equivalent to a token ID number (See Final 
i. 

Action, Page 2). Thus, Applicant's representative will respond to this 
argument made toy the Examiner for the first time in this Reply Brief. 

! It would hot have been obvious to combine and modify the teachings of Bum 
and Carlsson in the manner suggested by the Examiner in the Examiner's Answer. 

The U.S. Court of Appeals for the Federal Circuit ("Federal Cirmin h*« f*,,„M ♦»,*♦ 
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ois»e of ordinaryiskill in the art would not have reasonably elected trading the benefit 
o| security for that of convenience, since tradeoffs concern what is feasible, while 
mbtivation to combine requires what is desirable, not just what is feasible. Winner 
irit'l Royalty Corp. v. Ching-Rong Wang 202 F.3d 1340, 1349 53 U.S.P.Q.2d 1580 
(Red. Cir. 2000). By analogy, Applicant's representative respectfully submits that it 

! 

would not have been obvious to combine and modify the teachings of Burn and 
Carlsson to trade the benefit of convenience and cost savings for that of security. 

In particular, Burn discloses an enrollment process that can be carried out on 
th^ Internet via a Web Browser 230 (See Bum, FIG, 8 and Pars. [0041H0042]). Any 
modification of Bum to include the CA administrator disclosed in Carlsson would 
increase the cost to implement the system disclosed in Burn; since it is presumable 
th^t employment of a CA administrator would substantially increase administrative 

costs. Additionally, modifying Burn to include the CA administrator disclosed in 

j 

Carlsson would result in a substantially less convenient system; since such a 
purported combination would require an interaction between an end user and the CA 
administrator, thus, if Burn were to be modified in the manner suggested by the 
Examiner in thel Examiner's Answer, a user would be unable to complete the 
enrollment process at a remote location, since the purported combination of Bum 

2 

•J 

arid Carlsson would require that the user and the CA administrator be within physical 
proximity. Therefore, Applicant's representative respectfully submits that it would not 
haye been obvious to combine and modify the teachings of Burn and Carlsson in the 
manner suggested by the Examiner in the Examiner's Answer. Accordingly, claims 1 
an:d 1 1 are patentable over the cited art. 
\ 
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! ; 
114 Appealed Claims 3 and 13 

| The method and system recited in claims 3 and 13 ensure a user has at most, 

j 

o*e token. In the Appeal Brief, Applicant's representative argued that Bum taken in 

j 

vipw of Carlssbn does not teach or suggest that a user cannot possess more than 

r 

o|e personalized card (e.g., a token). The Examiner responded by stating the 
fdjlowing: 

[B]urn teaches that an enrollment process is necessary in order to 
maintain: a system where each HTP is associated with one user in 
paragraph 47, lines 13-17: Also using distinct certificates helps to 
ensure that the HTP engaged in enrollment is the correct HTP and 
that no other HTP can inadvertently receive user-specific 
certificates that are encrypted with a distinct non-user specific 
certificate.' (See Examiner's Answer, Pages 12 and 17). 



0 



Applicant's representative respectfully submits that the cited section of Bum 
Far. [0047]) is completely devoid of any teaching or suggestion of any process or 
structure that would ensure that a user has at most, one token, in contrast to the 
mpthod and system recited in claims 3 and 13, respectively. At best, the cited 
section of Burn prevents an HTP from being associated with more than one user, but 

does not prevent the user from possessing more than one HTP. 

I 

I Moreover, in the Examiner's answer, the Examiner cites various sections of ' 

i 

Carlsson that disclose methods for revoking certificates when a user's status has 
changed (e.g., the user has been found to be unreliable, or his/her role has 

changed). In particular, the Examiner argues: 

j 

I [i]t would! have been obvious to modify the method disclosed in 
| Burn and Carlsson et al. from claim 3 (and claim 13) to incorporate 
\ a means for checking the token ID number and flags of the tokens 
| (disclosed in Burn) against other tokens and revoking tokens which 
j are no longer valid since the users certificate has been revoked 
I (disclosed in Carlsson et al.) (See Examiner's Answer, Paqes 13 
| and 18). 
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I Applicant's representative respectfully submits that even if what the Examiner 

f 

contends is true, the purported combination of Bum and Carlsson would still not 
mfeke claims 3 and 13 obvious. That is, the Examiner contends that it would have 
b jen obvious (from the teachings of Burn and Carlsson) to revoke tokens which are 
n<| longer valid. However, Applicant's representative respectfully submits that such 
an argument is irrelevant in regard to the patentability of claims 3 and 13. In claims 

1 
j 

3 ^nd 13, the CMS revokes redundant user tokens. In contrast, the purported 
combination of Burn and Carlsson would revoke tokens which are no longer valid, 
wfiile nothing in the purported combination of Bum and Carlsson would prevent the 
user from having multiple valid tokens. Accordingly, Burn taken in view of Carlsson 

> 

fajls to make claims 3 and 13 obvious. Thus, claims 3 and 13 are patentable over 

th^ cited art. 

■/ 

S 
I 
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j CONCLUSION 

| In view of the foregoing remarks, Applicant's representative respectfully 
siibmits that the present application is in condition for allowance. Applicant's 
representative respectfully requests reconsideration of this application and that the 
application be passed to issue. 

Please charge any deficiency or credit any overpayment in the fees for this 

i 

amendment to our Deposit Account No. 20-0090. 
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